It may be among the most geeky of geekdom's topics, but embedded systems are becoming more prominent in more places. Device design and function is often a sub-world overlooked: Those chips, operating systems, middleware, and applications that are not in your PC or server, but do fly airplanes, steer smart bombs, make your car use oxygen better, and run the robots that produce our appliances. There are many more millions of these embedded gizmos running the world than what we typically think of when we hear "silicon."

One of the larger trends in the embedded space, and this is an arena under more change than in decades, is the need for the devices to be connected, often wirelessly and often now using good old TCP/IP. The once untouchable, clamped-down embedded device is morphing into a remotely programmable and up-dateable edge point. This brings in a lot of neat attributes, such as application improvements via updates, and two-way data communications (ala RFID), but it also rears up a potentially ugly underside: security vulnerabilities, from anywhere on the Internet.

It's one thing to get a virus attached to an email, but what if your car got one -- and it decided to execute a funny little routine while you're cruising at 70 mph? Or perhaps a code vulnerability was tapped by a network crawler on a device that was operating heavy machinery in a coal mine where your second-cousin's husband works? Or perhaps terrorists would prefer to hijack airplanes from under the rocks where they live?

The military has long understood the dual-edged sword of connected smart devices. There has been an explosion of edge devices in military supply chains, communications networks, and in battlefield operations. This makes for smart operations, and real-time data-rich views into what is going on across much wider theatres of activity. But at the same time, it makes the entire system vulnerable if the devices at the edge are vulnerable. The military and its contractors have been working to solve this problem for a long time: How to get the most from networked technology without allowing it to get back to you.

So is there a connection between the military's perseverance and your iPod? Could well be. Many of the same technological and architectural barriers designed to protect devices in the most sensitive applications are being diverted for use in commercial, transportation, entertainment, manufacturing, and automotive uses. This week Green Hills Software announced that the U.S. Government's National Information Assurance Partnership is going to evaluate for high security certification its INTEGRITY‑178B operating system.

Now, the highest security-level device might not be right for your toaster oven, but I sure like the idea of them in my car, as well as in my enterprise firewall and network hardware.

Dana Gardner is president and principal analyst at Interarbor Solutions, an enterprise IT analysis, market research, and consulting firm. Gardner, a leading identifier of software and cloud productivity trends and new IT business growth opportunities, honed his skills and refined his insights as an industry analyst, pundit, and news edito...
Full Bio

Disclosure

Dana Gardner is president and principal analyst at Interarbor Solutions, LLC, a New Hampshire-based IT analysis and new media content production and consultancy firm that he founded in 2005. He produces a series of podcast/videocast/transcript/blog content shows, called BriefingsDirect[tm/sm], some of which are sponsored and which he blogs on. Such sponsored shows are declared individually as such and by what organization or company. When Dana blogs on ZDNet on companies that he does have, or has had, consulting and/or sponsorship relationships, he declares that in each blog entry. There is no connection between the negotiation of such sponsorships and the opinions expressed by Dana here on ZDNet. The following organizations/companies are active sponsors, or have consulting relationships with Dana: Ariba/SAP, Akamai Technologies, BMC Software, Dell Software, Embarcadero Technologies, GigaOM Research, Hewlett-Packard, Kapow Software, The Open Group, VMware, and Workday. As a matter of CNET Networks and Interarbor Solutions policies, when Dana covers an organization that is also a sponsor of a BriefingsDirect-produced podcast, videocast or any other content, a disclosure will be included with the coverage. Updated (4/11/2013): Instead of providing a disclosure on just those editorials (blog posts, etc.) that intersect the above listed companies, we have changed the policy to include a link to this full disclosure at the end of every one of Dana's blog posts. In the case of audio or video-based coverage, such disclosures will be provided within the editorial content itself.